Thanks for the replies. A more detailed description of what I want to do is shown below.
Take "dc=foo, dc=com" for example. I have set up the rules as follows:

    access to dn.children="ou=misc, dc=foo, dc=com" by * read
    access to dn.children="ou=sales, dc=foo, dc=com" by * read
    access to dn.children="ou=it, dc=foo, dc=com" by * read
    access to dn.children="ou=vendor, dc=foo, dc=com" by * read

Because this is a public addressbook for internal lookup use, mainly for Outlook Express and Mozilla Mail, I don't use any authentication, and the users can access the LDAP addressbook successfully (all the entries of "ou=misc, dc=foo, dc=com", "ou=sales, dc=foo, dc=com", "ou=it, dc=foo, dc=com", and "ou=vendor, dc=foo, dc=com" show up).

However, when I want to restrict dn.children="ou=vendor, dc=foo, dc=com" so that only the sales staff can access it, the following rules fail to do so:

    access to dn="ou=vendor, dc=foo, dc=com" by dn="ou=sales, dc=foo, dc=com" read
    access to dn.children="ou=vendor, dc=foo, dc=com" by dn.children="ou=sales, dc=foo, dc=com" read

(That is, the entries of "ou=vendor, dc=foo, dc=com" are not shown in the LDAP addressbook.)

Hence, I want to know how to set up a rule so that only the sales staff can access dn.children="ou=vendor, dc=foo, dc=com".

Thank you for your information. :-)

Michael
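
Added example, not part of the message above: one slapd.conf ACL layout that limits ou=vendor to the sales staff. A "by dn.children=..." clause is compared with the DN the client bound as, and a client that does not authenticate has an empty DN, so it can never match that clause. The layout assumes each sales person has an entry with a userPassword under ou=sales and that their mail client is configured to bind with that DN.

```conf
# slapd.conf ACL fragment (added example; the entry layout is an assumption).
# slapd uses the first "access to" clause that matches the target entry,
# then the first "by" clause that matches the requester, so the narrow
# vendor rule has to come before the general read rule.

# Let an unauthenticated connection verify a password during bind,
# but never return the password attribute to anyone else.
# (Older slapd releases spell this "attr=userPassword".)
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Vendor container and everything below it: readable only by a client
# that has bound as an entry located under ou=sales.
# Anonymous clients fall through to "by * none".
access to dn.subtree="ou=vendor,dc=foo,dc=com"
    by dn.children="ou=sales,dc=foo,dc=com" read
    by * none

# Rest of the address book (misc, sales, it): still open to everyone,
# including clients that do not authenticate.
access to dn.subtree="dc=foo,dc=com"
    by * read
```

Simple binds send the password in clear text, so the sales clients should connect over TLS.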